对于基于密钥的身份验证,用户必须将其公钥添加到 ~/.ssh/authorized_keys 文件中。此文件可以包含多个密钥,每行一个。那么服务器如何选择正确的密钥来验证用户身份?
答案1
从源代码,它只是循环遍历所有键,直到找到匹配的键:
process_principals(FILE *f, const char *file, struct passwd *pw,
const struct sshkey_cert *cert)
{
//...
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
/* Always consume entire input */
if (found_principal)
continue;
//...
for (i = 0; i < cert->nprincipals; i++) {
if (strcmp(cp, cert->principals[i]) == 0) {
debug3("%s:%lu: matched principal \"%.100s\"",
file, linenum, cert->principals[i]);
if (auth_parse_options(pw, line_opts,
file, linenum) != 1)
continue;
found_principal = 1;
continue;
}
}
}
return found_principal;
}